[Bug 1966591] Re: ssh-keygen -R changes known_hosts file permissions (mode)

Sergio Durigan Junior 1966591 at bugs.launchpad.net
Thu Mar 31 14:44:53 UTC 2022 

** Description changed:

+ [Impact]
+ 
+ When using "ssh-keygen -R" to remove a host from "known_hosts" the
+ command changes permissions on the file.  This can cause problems
+ particularly when used on the global "known_hosts" file
+ (/etc/ssh/ssh_known_hosts), because then only root can read it. Programs
+ running non-interactively as non-root users suddenly fail to SSH and
+ it's not immediately obvious why.
+ 
+ [Test Plan]
+ 
+ The problem happens on Bionic and Focal.
+ 
+ $ lxc launch ubuntu-daily:focal openssh-bug1966591
+ $ lxc shell openssh-bug1966591
+ # ssh-keyscan github.com > test_known_hosts
+ # chmod 644 test_known_hosts
+ # ssh-keygen -R github.com -f test_known_hosts
+ # stat test_known_hosts
+ ...
+ Access: (0600/-rw-------) ...
+ ...
+ 
+ [Where problems could occur]
+ 
+ The upstream patch is very simple and it is unlikely that it will cause
+ any regressions.  An indirect problem that could occur is that users
+ might expect to see a more strict set of permissions on a "known_hosts"
+ file after using "ssh-keygen -R", but arguably this is not defined
+ behaviour and should not be relied upon.  Of course, there is always a
+ (very) small risk of introducing problems when rebuilding packages using
+ newer versions of its dependencies (especially on Bionic, because it's
+ older).
+ 
+ [Original Description]
+ 
  When I use ssh-keygen -R to remove a host from known_hosts it changes
  permissions on the file. This causes problems particularly when used on
  the global known hosts file (/etc/ssh/ssh_known_hosts), because then
  only root can read it. Programs running non-interactively as non-root
  users suddenly fail to SSH and it's not immediately obvious why.
  
  To reproduce:
  
  $ ssh-keyscan github.com >test_known_hosts
  $ chmod 741 test_known_hosts
  $ ssh-keygen -R github.com -f test_known_hosts
  $ stat test_known_hosts
  ...
  Access: (0600/-rw-------) ...
  
  Expected behavior: file permissions remain unchanged (mode 0741 in this
  example).
  
  $ lsb_release -rd
  Description:	Ubuntu 18.04.6 LTS
  Release:	18.04
  
  $ apt-cache policy openssh-client
  openssh-client:
-   Installed: 1:7.6p1-4ubuntu0.6
+   Installed: 1:7.6p1-4ubuntu0.6

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to openssh in Ubuntu.
https://bugs.launchpad.net/bugs/1966591

Title:
  ssh-keygen -R changes known_hosts file permissions (mode)

Status in portable OpenSSH:
  Unknown
Status in openssh package in Ubuntu:
  Fix Released
Status in openssh source package in Bionic:
  In Progress
Status in openssh source package in Focal:
  In Progress
Status in openssh source package in Impish:
  Fix Released
Status in openssh source package in Jammy:
  Fix Released

Bug description:
  [Impact]

  When using "ssh-keygen -R" to remove a host from "known_hosts" the
  command changes permissions on the file.  This can cause problems
  particularly when used on the global "known_hosts" file
  (/etc/ssh/ssh_known_hosts), because then only root can read it.
  Programs running non-interactively as non-root users suddenly fail to
  SSH and it's not immediately obvious why.

  [Test Plan]

  The problem happens on Bionic and Focal.

  $ lxc launch ubuntu-daily:focal openssh-bug1966591
  $ lxc shell openssh-bug1966591
  # ssh-keyscan github.com > test_known_hosts
  # chmod 644 test_known_hosts
  # ssh-keygen -R github.com -f test_known_hosts
  # stat test_known_hosts
  ...
  Access: (0600/-rw-------) ...
  ...

  [Where problems could occur]

  The upstream patch is very simple and it is unlikely that it will
  cause any regressions.  An indirect problem that could occur is that
  users might expect to see a more strict set of permissions on a
  "known_hosts" file after using "ssh-keygen -R", but arguably this is
  not defined behaviour and should not be relied upon.  Of course, there
  is always a (very) small risk of introducing problems when rebuilding
  packages using newer versions of its dependencies (especially on
  Bionic, because it's older).

  [Original Description]

  When I use ssh-keygen -R to remove a host from known_hosts it changes
  permissions on the file. This causes problems particularly when used
  on the global known hosts file (/etc/ssh/ssh_known_hosts), because
  then only root can read it. Programs running non-interactively as non-
  root users suddenly fail to SSH and it's not immediately obvious why.

  To reproduce:

  $ ssh-keyscan github.com >test_known_hosts
  $ chmod 741 test_known_hosts
  $ ssh-keygen -R github.com -f test_known_hosts
  $ stat test_known_hosts
  ...
  Access: (0600/-rw-------) ...

  Expected behavior: file permissions remain unchanged (mode 0741 in
  this example).

  $ lsb_release -rd
  Description:	Ubuntu 18.04.6 LTS
  Release:	18.04

  $ apt-cache policy openssh-client
  openssh-client:
    Installed: 1:7.6p1-4ubuntu0.6

To manage notifications about this bug go to:
https://bugs.launchpad.net/openssh/+bug/1966591/+subscriptions

More information about the foundations-bugs mailing list